SUSE-RU-2017:1630-1: moderate: Recommended update for pure-ftpd

sle-updates at lists.suse.com
Tue Jun 20 19:09:42 MDT 2017


   SUSE Recommended Update: Recommended update for pure-ftpd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1630-1
Rating:             moderate
References:         #1042690 #971980 #986520 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:


   This update provides pure-ftpd 1.0.43, which brings several fixes and new
   features.

   - The connection is now dropped if HTTP commands are received.
   - LDAP force_default_gid and force_default_uid now work as documented.
   - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch is now on by default, except
     in broken clients compatibility mode.
   - New command-line switch: -2/--certfile= to set the path to the
     certificate file when using TLS.
   - Support for TCP_FASTOPEN added on Linux.
   - The LDAP configuration file now allows a default gid without also
     defining a default uid.
   - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE).
   - TLS forward secrecy support was added. DH parameters are loaded from
     TLS_DHPARAMS_FILE, if present. ECDH is also supported and the default
     curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE).
   - scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP
     backends.
   - The -C: prefix can be added to the cipher suite in order to make valid
     client certificates mandatory.
   - The Clear Command Channel (CCC) command is now supported.
   - SSL (v2, v3) is refused by default.
   - DES-hashed passwords are not supported any more.
   - LDAP uid and gid values can be overridden in the LDAP configuration
     file.
   - RC4 was dropped.
   - Repair checkproc() on Linux when support for capabilities is compiled in.
   - Add support for MFMT, with the same code as SITE UTIME.
   - Support 2-arguments SITE UTIME.
   - Add LDAPDefaultHomeDirectory.
   - Fix quota computation after rename() overwrites an existing file.
   - If 10 digits are not enough to print the size of a file in an ls-like
     output, bump the max number of digits to 18. This adds support for files
     up to 1 exabyte.
   - Support SHA1 password hashing in MySQL and PostgreSQL backends.
   - Support for braces expansion in directory listings has been disabled.
   - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers.
   - The -F switch has been documented in the built-in help.
   - Shell-like escaping is now partially handled when emulating the "ls"
     command.
   - pure-quotacheck can now work with a large number of files.
   - When an upload gets renamed (--autorename), send the new name to the
     uploadscript instead of the original one.
   - The ALLO command now checks for the actual disk space in addition to the
     virtual quota.
   - After an atomic resumed upload, don't append the previous file size to
     the quota.
   - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset
     is UTF8.
   - Reset the CWD failures counter after a directory has been successfully
     created.
   - Allow users with no quota to delete .pureftpd-upload-* files.
   - Properly change the process name on Linux when the -S option is used.
   - Restore the traditional behavior of a download restarting at the end of
     a file.
   - Refuse empty passwords in LDAP bind mode.
   - LDAP authentication through binding is now possible in addition to
     passwords.
   - Almost a complete rewrite of the upload, download and TLS code for more
     reliability.
   - Don't use atomic uploads unless --notruncate or --autorename have been
     enabled.
   - List up to 10000 files per directory by default instead of 2000.
   - Quota handling reworked.
   - RNTO is supported even when quotas are enabled.
   - Don't change the TCP window size.
   - Privsep is now enabled by default.

   For a comprehensive list of changes please refer to the package's change
   log.


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-pure-ftpd-13161=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-pure-ftpd-13161=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      pure-ftpd-1.0.43-29.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      pure-ftpd-debuginfo-1.0.43-29.1
      pure-ftpd-debugsource-1.0.43-29.1


References:

   https://bugzilla.suse.com/1042690
   https://bugzilla.suse.com/971980
   https://bugzilla.suse.com/986520


